I have realms with several roles where each role uses a different source IP.
I noticed the following in the user guide:
If an end user is mapped to multiple roles and the IVE merges roles, the IVE
associates the source IP address configured for the first role in the list with the
merged role.
Is there really no way to use multiple source IPs in one realm when I merge roles?
I'm not sure I understand your question.
All traffic for a session is initiated from a single address. When roles are merged, the first role that the user is assigned to sets the source IP address for the session.
Role merging is just what it says - the SA creates a merged role from the roles that the user is assigned to. That merged role cannot have multiple source addresses - how would the SA know when to source the data from one address or the other?